DN417962849

Subject: Re: Programming an 'su' in Tcl? - DN [1]

libes@nist.gov (Don Libes) - 02 Dec 1998 - comp.lang.tcl

 In article <7442cl$lvk$2@news02.btx.dtag.de> mawarkus@t-online.de (Matthias Warkus) writes:
    lvirden@cas.org schrieb:
    > According to Matthias Warkus <mawa@iname.com>:
    > :I figured somehow creating a root shell and then piping commands to it
    > :would be a way, but I have never done that, and even if I could, I
    > :would open a huge security hole, I suppose.
    >
    > Check into sudo or one of the other "safe interpreters" for root
    > command access.

    I know sudo (though I have neither installed nor used it), but using
    it would mean *another* dependency on an external programme.
    My utility already relies on GNU file, GNU tar, GNU gzip, bzip2,
    compress, wish (of course :), xterm/rxvt and it needs a GUI editor
    like gvim or emacs, too...
    All these should normally be installed (except bzip2, maybe). But
    adding sudo is a completely different thing altogether, I imagine it
    needs to be configured by root to specify the actions every user can
    take...

    > :Though, what I'd like to try is to write a proc that takes a command
    > :as its argument, executes it in a su shell (so that I am prompted for
    > :a password) and gives me a handle to read and write for it.

 This is trivial using Expect.  The following starts su and lets you enter
 the password interactively before going on.

 proc su {} {
  spawn su
  interact -o -nobuffer "# " return
  return $spawn_id
 }

 Now you can write commands and read responses just the way you asked.

 Don